Supported S3 ACL Permissions
The following tables describe the supported permissions for primary and canned
ACLs:
Table 13 Primary ACL: Grantee Supported Permissions
|
|
|
|
READ
|
Enables grantee to list the objects in the bucket.
|
Enables grantee to read the object data and its metadata. |
|
WRITE |
Enables grantee to create, overwrite, and delete any object in the bucket. |
Not applicable. |
|
READ_ACP |
Enables grantee to read the bucket ACL. |
Enables grantee to read the object ACL. |
|
WRITE_ACP |
Enables grantee to write the ACL for the applicable bucket. |
Enables grantee to write the ACL for the applicable
object. |
|
FULL_CONTROL
|
Allows grantee the READ, WRITE, READ_ACP, and WRITE_ACP
permissions on the bucket.
|
Enables grantee the READ, READ_ACP, and WRITE_ACP permissions
on the object.
|
|
Table 14 Canned ACL: Supported Group Permissions
|
|
|
|
private
|
Bucket and object
|
Owner gets FULL_CONTROL. No one else has access rights
(default).
|
|
public-read
|
Bucket and object
|
Owner gets FULL_CONTROL. The All Users Group gets READ
access.
|
|
public-read-write
|
Bucket and object
|
Owner gets FULL_CONTROL. The All Users Group gets READ and
WRITE access. For security reasons, granting this canned ACL on
a bucket is generally not recommended.
|
|
authenticated-read
|
Bucket and object
|
Owner gets FULL_CONTROL. The Authenticated Users Group gets
READ access.
|
|
bucket-owner-read
|
Object
|
Object owner gets FULL_CONTROL. Bucket owner gets READ access.
If you specify this canned ACL when creating a bucket, the
appliance S3 API ignores it.
|
|
bucket-owner-full-control
|
Object
|
Both the object owner and the bucket owner get FULL_CONTROL
over the object. If you specify this canned ACL when creating a
bucket, the appliance S3 API ignores it.
|
|